GitGuardian Platform Reviews

Name: GitGuardian Platform
Brand: GitGuardian
Rating: 4.5 (24 reviews)

4.5 out of 5

24 reviews
100% willing to recommend

What is GitGuardian Platform?

GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

Get the GitGuardian Platform Buyer's Guide and find out what your peers are saying about GitGuardian Platform, SonarQube Server (formerly SonarQube), Snyk and more!

GitGuardian Platform is the #4 ranked solution in top Software Supply Chain Security solutions, #4 ranked solution in top DevSecOps solutions, #5 ranked solution in AST tools, #6 ranked solution in top Data Loss Prevention (DLP) solutions, and #7 ranked solution in application security solutions. PeerSpot users give GitGuardian Platform an average rating of 9.0 out of 10. GitGuardian Platform is most commonly compared to SonarQube Server (formerly SonarQube): GitGuardian Platform vs SonarQube Server (formerly SonarQube). GitGuardian Platform is popular among the large enterprise segment, accounting for 51% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.

Helped 848,989 peers since 2012

Featured GitGuardian Platform reviews

Joan Ging

Head of Development at Inhabit

Recently, a new feature was added that I had been requesting for a while, and I'm super excited about it! This feature allows us to filter incidents by team within the available filters. This is incredibly helpful because before, we could only search for individual repositories. Some of our teams have hundreds of repositories, so filtering by team saves a lot of time and effort. The ability to create teams is also valuable for a large organization like ours. Some vendors struggle to provide enough user organization layers, but GitGuardian excels in this area. The core incident management features are also fantastic. For example, alerting people via email about new incidents is crucial for staying on top of things. Additionally, the dashboard allows users to mark the status of secrets, providing a convenient location to review everything. Another area where GitGuardian shines is the breadth of secret types it covers. They can identify a vast number of secrets out-of-the-box, with minimal false positives. This means they effectively distinguish real secrets from irrelevant data, saving us time and effort. I also appreciate the context provided for developers. When they investigate secrets, they can see exactly where those secrets reside in the code, allowing for quick fixes.

Read full review

Jon-Erik Schneiderhan

Senior Site Reliability Engineer at a computer software company with 501-1,000 employees

The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great. Recently, they added a feature that checks the validity of leaked secrets. It will actually reach out and see if the secret that leaked was valid or not. I have found, over the past couple months, this to be a super useful feature. We can go through a lot of the secrets in our code base, which have been detected, and dismiss them if we know that they are invalid secrets that can't be used anyway. This saves us a bunch of time, which is why this has been a really neat feature that has been useful. I have found that I have been very satisfied with the breadth of the solution's detection capabilities. I don't think it has missed anything. The false positive rate has been very low. Every single time something is detected, it is something that we should look at. It does a very good job of detecting things that we should look at and make a decision on. We don't waste a lot of time chasing down false positives. This means that we feel safe because we don't have valid credentials sitting in our code repositories. If any of our code was breached or any of our developer work stations were compromised or stolen, no one would be able to get valid API credentials out of the Git repositories on those workstations. The solution helps to quickly prioritize remediation because it allows us to tell which keys are valid versus which ones are invalid. We prioritize the valid ones first. It also lets us sort by detection type, e.g., what kind of secret is it detecting. There are ones that we would obviously prioritize over others, like SSH keys or AWS credentials, versus less sensitive credentials that aren't as concerning. I think it does a great job of helping us prioritize. GitGuardian provides a feedback form feature that we utilize heavily. When a secret is detected, our process is to generate a feedback form link in GitGuardian, then provide that to the developer. The developer will give us contextual information about the secret, then we can take action. They have also recently released a feature, which we haven't started using yet, called automated playbooks where you can set it up to automatically create that feedback form. Then, it will be emailed to the developer so they get automatically notified that they introduce a secret with a feedback form to fill out. I suspect this will improve our developer's ability to resolve the secrets faster.

Read full review

Andrei Predoiu

DevOps Engineer at a wholesaler/distributor with 10,001+ employees

The most valuable feature is automatic secrets detection, which is quite intelligent. It gives us very few false positives, which is definitely worth it at the end of the day as no secrets or confidential keys are getting into our GitHub undetected. The majority of false positives are things like test credentials or dummy data that we put in for testing, etc. Therefore, it is not really feasible for GitGuardian to understand which is dummy data and which is real data. They do well in terms of false positives. They work quite hard on them. Sometimes they understand that it is dummy data. For certain types of secrets, they can check if it is being used. They will go to Microsoft and check if the key is valid in Microsoft, then tell you, "Hey, this secret is actually live somehow." This is another feature that they are working on that I like. The breadth of the solution's detection capabilities are really good. We haven't walked upon a piece of code where we question, "Oh, why isn't GitGuardian picking this up?" That's for sure. If there are some secrets in our Git that we don't know about and GitGuardian hasn't found it, I don't think it is likely that we will.

Read full review

GitGuardian Platform mindshare

Product category:

As of April 2025, the mindshare of GitGuardian Platform in the Application Security Tools category stands at 0.6%, up from 0.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

PeerResearch reports based on GitGuardian Platform reviews

Type	Title	Date
Category	Application Security Tools	Apr 25, 2025	Download
Product	Reviews, tips, and advice from real users	Apr 25, 2025	Download
Comparison	GitGuardian Platform vs SonarQube Server (formerly SonarQube)	Apr 25, 2025	Download
Comparison	GitGuardian Platform vs Veracode	Apr 25, 2025	Download
Comparison	GitGuardian Platform vs Checkmarx One	Apr 25, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	25.1%	81%	114 interviews Add to research
Snyk	4.0	8.0%	100%	45 interviews Add to research

Valuable Features

GitGuardian Platform's core value lies in automatic secrets detection, rapid incident alerts, and varied detector capabilities handling AWS keys, Slack tokens, and more. It offers effective integration with tools like GitHub and Slack, ensuring secrets never reach repositories. Developers benefit from instant feedback and resolution features, reducing false positives. The UI is intuitive, supporting efficient incident management and remediation. Historical scanning and pre-commit hooks enhance security by highlighting and preventing potential vulnerabilities.

"There is quite a lot to like. Its user interface is fantastic, and being able to sort the incidents by whether they are valid or for a certain repository or a certain user has been very beneficial in helping investigate what has been found."
"The most valuable feature is the general incident reporting system."
"The most valuable feature is its ability to automate both downloading the repository and generating a Software Bill of Materials directly from it."

Room for Improvement

GitGuardian Platform needs improved customization for healthcare identifiers and better integration with tools such as Azure DevOps. Enhancements in historical scanning, reporting, and user on-boarding are desired. More intuitive user experience, mobile app availability, and context-based scanning to reduce false positives are suggested. Automated processes like Jira ticketing are requested, alongside expanded support for various token providers and comprehensive access controls. Users express a need for clearer developer instructions and seamless linking of incidents across commits.

"Automated Jira tickets would be fantastic. At the moment, I believe we have to go in and click to create a Jira ticket. It would be nice to automate."
"We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories."
"One of our current challenges is that the GitGuardian platform identifies encrypted secrets and statements as sensitive information even though they're secured."

ROI

GitGuardian Platform increases secrets detection efficiency and saves significant time by catching issues early. It prevents costly security breaches, reduces mean time to remediation, and saves thousands in potential losses. Users report time savings, improved productivity, and significant return on investment, often eliminating manual checks. Some see immediate business benefits and decide on long-term commitments. The platform cuts labor hours, enhances security, and offers invaluable protection of corporate assets and customer security.

Pricing

GitGuardian Platform's pricing is perceived as reasonable by many enterprise users, offering good value relative to other security tools. Users appreciate the free plan for small teams, while larger organizations find costs rise significantly with more developers. Though pricing can be negotiated, and there are no hidden or additional fees for standard deployments, some organizations note it can be expensive. The free tier is considered generous, providing full functionality for small teams.

"I am only aware of the base price. I do not know what happened with our purchasing team in discussions with GitGuardian. I was not privy to the overall contract, but in terms of the base MSRP price, I found it reasonable."
"The pricing for GitGuardian is fair."
"GitGuardian is on the pricier side."

Popular Use Cases

GitGuardian Platform is primarily used for detecting and managing secrets in code repositories. Integrated with GitHub, it monitors for security violations and alerts teams of potential risks, facilitating immediate response. It helps ensure that sensitive information, such as access tokens and passwords, are not committed. Organizations have incorporated GitGuardian into their development processes to educate teams, enhance operational security, and support compliance with security policies while managing historical and new code base challenges.

Service and Support

GitGuardian Platform’s customer service is highly rated, often scoring 8 to 10 out of 10. Users report fast response times, knowledgeable staff, and proactive support. Many can handle issues independently due to intuitive systems, yet support is prompt and efficient when needed. GitGuardian's team is approachable and communicates openly, offering quick resolutions and incorporating user feedback for enhancements. Support engineers are praised for their responsiveness and eagerness to assist, making user experiences positive.

Deployment

GitGuardian Platform's initial setup was highly praised for its quick and straightforward process. Many users noted the ease of integration with platforms like GitHub, requiring minimal preparation. The setup often took just a few minutes, and ongoing maintenance was minimal. Users found the user interface intuitive, making setup simple. Some experienced challenges with certain configurations, such as SSO and Azure connections, but these were promptly resolved with GitGuardian's available resources and support.

Scalability

GitGuardian Platform handles large codebases with ease, supporting varied deployment environments without significant performance impacts. Users report efficient handling of repositories and fast incident detection. While there may be concerns about scaling as teams grow, current usage by numerous developers and engineers shows adaptability. Feature enhancements are anticipated, but scaling abilities are generally praised. Scalability is rated highly, with effective integration into development workflows noted by users across diverse organizational sizes.

Stability

GitGuardian Platform is reported as highly stable, with users indicating consistent performance and availability. Search and integration times are quick, and there are few to no reports of crashes or downtime. Occasional maintenance windows are acknowledged, but don't significantly impact reliability. Users express satisfaction with the platform's stability, emphasizing a lack of performance issues and the minimal need for maintenance interventions. Ratings frequently reach nine or ten out of ten for stability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our GitGuardian Platform Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

22%

Government

12%

Media Company

Financial Services Firm

Wholesaler/Distributor

Comms Service Provider

University

Educational Organization

Manufacturing Company

Healthcare Company

Legal Firm

Insurance Company

Construction Company

Retailer

Pharma/Biotech Company

Photography Company

Energy/Utilities Company

Non Profit

Recruiting/Hr Firm

Transportation Company

Mining And Metals Company

Hospitality Company

Recreational Facilities/Services Company

Consumer Goods Company

Compare GitGuardian Platform with alternative products

Learn more about GitGuardian Platform

Widely adopted by developer communities, GitGuardian is used by more than 500,000 developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.

GitGuardian Platform includes automated secrets detection and remediation. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.

The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, Gitlab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.

GitGuardian Platform was previously known as GitGuardian Internal Monitoring.